Address Greptile telemetry review comments

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-03 14:11:11 -05:00 · 2026-04-03 14:11:11 -05:00 · 68b2fe20bb
commit 68b2fe20bb
parent 9b3ad6e616
3 changed files with 44 additions and 2 deletions
--- a/server/src/tests/company-skills-routes.test.ts
+++ b/server/src/tests/company-skills-routes.test.ts
@ -177,6 +177,48 @@ describe("company skill mutation permissions", () => {
    });
  });

+  it("does not expose a skill reference when GitHub metadata is missing", async () => {
+    mockCompanySkillService.importFromSource.mockResolvedValue({
+      imported: [
+        {
+          id: "skill-1",
+          companyId: "company-1",
+          key: "unknown/private-skill",
+          slug: "private-skill",
+          name: "Private Skill",
+          description: null,
+          markdown: "# Private Skill",
+          sourceType: "github",
+          sourceLocator: "https://github.com/acme/private-skill",
+          sourceRef: null,
+          trustLevel: "markdown_only",
+          compatibility: "compatible",
+          fileInventory: [],
+          metadata: null,
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        },
+      ],
+      warnings: [],
+    });
+
+    const res = await request(createApp({
+      type: "board",
+      userId: "local-board",
+      companyIds: ["company-1"],
+      source: "local_implicit",
+      isInstanceAdmin: false,
+    }))
+      .post("/api/companies/company-1/skills/import")
+      .send({ source: "https://github.com/acme/private-skill" });
+
+    expect(res.status, JSON.stringify(res.body)).toBe(201);
+    expect(mockTrackSkillImported).toHaveBeenCalledWith(expect.anything(), {
+      sourceType: "github",
+      skillRef: null,
+    });
+  });
+
  it("blocks same-company agents without management permission from mutating company skills", async () => {
    mockAgentService.getById.mockResolvedValue({
      id: "agent-1",
--- a/server/src/tests/routine-run-telemetry.test.ts
+++ b/server/src/tests/routine-run-telemetry.test.ts
@ -22,7 +22,7 @@ import {
 const mockTelemetryClient = vi.hoisted(() => ({ track: vi.fn() }));
 const mockTrackRoutineRun = vi.hoisted(() => vi.fn());

-vi.mock("../telemetry.ts", () => ({
+vi.mock("../telemetry.js", () => ({
  getTelemetryClient: () => mockTelemetryClient,
 }));

--- a/server/src/routes/company-skills.ts
+++ b/server/src/routes/company-skills.ts
@ -45,7 +45,7 @@ export function companySkillRoutes(db: Db) {
    if (skill.sourceType !== "github") {
      return null;
    }
-    const hostname = asString(skill.metadata?.hostname) ?? "github.com";
+    const hostname = asString(skill.metadata?.hostname);
    if (hostname !== "github.com") {
      return null;
    }